COVID-19 (coronavirus) has drastically changed the world, forcing almost all non-essential workers to stop traveling and switch to working from home full time. With this new lifestyle of all-remote, all the time, our dependency on connected devices has never been so high.
But even after the global health crisis passes, we can expect this trend of increased digital dependency to continue, with remote connectivity more deeply integrated into our lives than ever before. Not only will we have more connected devices around us at all times, but these devices will grow in sophistication and complexity, with higher levels of functionality—and higher levels of risk.
To keep pace with this rising rate of connectivity and to protect ourselves from the cybersecurity threats rising alongside it, we need cybersecurity solutions that can detect attacks, prevent attack persistence, enable quick recovery, and collect forensic data that continuously enriches and improves defenses, so that we stay ahead of new attacks and prevent catastrophe in the future.
Cybersecurity Threats Surround Us
There are already new malware threats taking advantage of our increased remote connectivity. For example, dark_nexus (Dark Nexus) is a rapidly evolving and sophisticated botnet that’s threatening the integrity of the Internet of Things (IoT). Dark Nexus uses known credentials and installs itself on compromised connected devices, acting as a bot to stage Distributed Denial-of-Service (DDoS) attacks.
Dark Nexus can attack a variety of different IoT devices—devices that have already been compromised include router models, video recorders, and thermal cameras. Furthermore, Dark Nexus can morph to attack different kinds of devices to carry out its nefarious activities, e.g., propagating and infecting more devices or networks from other companies to make the botnet army grow.
Even more frightening is the fact that Dark Nexus was built on the foundations of the Mirai botnet and Qbot, proving that botnet operators have the capabilities to continuously evolve and find new ways to attack poorly secured IoT devices.
The Most Attractive Cyber Prey
The IoT devices that are most attractive prey for Dark Nexus are devices in industrial settings, like utilities routers, smart meters, and industrial controllers. If successful, an attack on these devices could compromise entire infrastructures—of states or even countries.
For example, Dark Nexus could compromise a state’s electric grid, seize control of the smart meters, and manipulate the meters to run too slowly or too quickly. What seems like a simple action can, indeed, have catastrophic results: Manipulating the meters would overrun the energy company’s customer service, erode the public’s trust in the company (and, thus, their willingness to pay), and, ultimately, incite chaos.
As our society becomes more and more digitized, IoT and IIoT (Industrial Internet of Things) devices are becoming more sophisticated and highly functional as they become an increasingly critical part of our everyday lives. But as sophistication and criticality increase, so, too, does the risk of cyberattack.
Preparing for Increased Attacks
As we hope to approach a post-COVID-19 world, this dependence on connected devices will surely grow, as IoT will be more integrated into our daily lives than ever. Of course, increased connectivity is advantageous to society, delivering new levels of efficiency, productivity, and innovation; however, increased connectivity also increases the attack surface area—and its value to would-be attackers.
The best defense against these attackers is preparation. We have to assume that every IoT device has vulnerabilities—and that these vulnerabilities will be increasingly targeted by attackers.
So, what can we do now to prepare for increased attacks in a post-COVID, hyperconnected world?
First, companies need to be aware of their IoT assets and what the associated risks are. Then, they need to determine adequate security measures that can both detect and prevent future attacks.
NanoLock Security is providing a joint solution with Dutch telecom KPN Security to safeguard IoT devices against cyberthreats like Dark Nexus. KPN’s powerful protection incorporates NanoLock’s cloud-to-flash technology, which protects the firmware of an edge device from any unauthorized manipulation in the flash memory itself, thus preventing malware threats like Dark Nexus from ever being installed.
Besides preventing attacks, this joint solution also detects any attempted attacks.
For example, if Dark Nexus attempted to install itself on an IoT device equipped with this solution, KPN’s SOC would immediately be notified of the intended threat at the moment it is happening, allowing its customers to immediately enact their prepared defense procedures. The SOC could also determine whether the attack was just targeting select devices or was aiming to attack others in the network. And when it comes to safeguarding one’s company, successfully detecting an attempted attack is just as important as deflecting it, as it is this knowledge that enables a company to immediately begin collecting forensic evidence—crucial data if one intends to seek financial compensation for the damages incurred.
In a hyperconnected world, security has become like an arms race. Just as companies improve their defenses against attackers, so, too, do the attackers improve their means for attack. To continue building a robust defense against cyberattacks, companies need data, e.g. ‘How did the attack take place?’ ‘What happened during the attack?’ That’s why KPN and NanoLock have developed a joint solution that can start collecting the data and the evidence immediately upon attack to empower companies and help bolster their defenses.
COVID-19 has plunged us into a hyperconnected world—with heightened opportunities for attacks. Even in the midst of the crisis, companies need to act now to increase their preventative security measures to fortify our infrastructures to withstand the new normal of complete digital dependency.